Spring Security Core和自定义验证器可用于确认密码字段? [英] Spring Security Core and custom validator for a confirm password field is possible?
问题描述
如果我编写以下代码:
static constraints = {
密码空白:false,密码:true ,验证器:{val,obj - >
if(obj.password!= obj.confirmarPassword)
return'usuario.password.dontmatch'
}
confirmarPassword bindable:true
}
}
static transients = ['confirmarPassword']
在密码
和 confirmarPassword
中引入相同的密码:
null id在usuario.Usuario条目中(在发生异常时不要刷新会话)
I找出问题的根源。这是下一个比较:
$ obj.password!= obj.confirmarPassword
如果我在验证器中写入以下代码:
printlnpassword:$ {obj.password Eclipse打印:
printlnconfirmarPassword:$ {obj.confirmarPassword)}
密码:testPassword
confirmarPassword:testPassword
密码:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword:testPassword
作为第二次尝试,我尝试过:
<$ p $如果(obj.password!= obj.springSecurityService.encodePassword(obj.confirmarPassword))
验证未通过:
类[class usuario.Usuario]的值[testPassword ]不通过自定义验证
以及:
<$ p $ printlnpassword:$ {obj.password}
printlnconfirmarPassword:$ {obj.springSecurityService.encodePassword(obj.confirmarPassword)}
Eclipse打印:
密码:testPassword
confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
密码:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
我尝试了第三次尝试:
if(obj.springSecurityService.encodePassword(obj.password)!= obj.springSecurityService.encodePassword (obj.confirmarPassword))
同样的错误:
null usuario.Usuario条目中的id(不会在发生异常后刷新会话)
密码看起来第二次加密两次:
fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
密码:e8c3cb111bf39f848b9a20e186f1663fd5acb0ae018ddf5763ae65bd6f45151e
confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
密码>
我的想法已经过时。客户端呢? 使用JavaScript执行此验证是否安全?
这是我完整的域类代码:
包usuario
类Usuario实现Serializable {
瞬间springSecurityService
字符串用户名
字符串密码
布尔启用
布尔accountExpired
布尔accountLocked
布尔passwordExpired
字符串confirmarPassword
字符串nombre
字符串apellidos
字符串电子邮件
字符串telefono
字符串documentoIdentificacion
布尔值aceptarPoliticaDeProteccionDeDatos = Boolean.FALSE
静态瞬变= ['confirmarPassword','aceptarPoliticaDeProteccionDeDatos']
static constraints = {
username blank:false,unique:true
password blank:false,password:true
confirmarPassword bindable:true,blank:false,pas剑:真,验证者:{val,obj - >
printlnpassword:$ {obj.password}
printlnconfirmarPassword:$ {val}
if((obj.password!= val))
返回'usuario.password.dontmatch'
}
nombre blank:false
apellidos blank:false
电子邮件空白:false,电子邮件:true
telefono blank:false,matches:[0-9 - +()] {3,15}
documentoIdentificacion blank:false
aceptarPoliticaDeProteccionDeDatos bindable:true,validator:{val,obj - >
if(!obj.id&& obj.aceptarPoliticaDeProteccionDeDatos!= true)//> !obj.id:si el usuario ya noestácreado。 Si yaestácreado es que loestámodificando y no es necesario que vuelva aceptar lapolítica。
返回'usuario.politicaprotecciondatos.notaccepted'
}
}
静态映射= {
密码列:``password`'
}
Set< Rol> getAuthorities(){
UsuarioRol.findAllByUsuario(this).collect {it.rol} as Set
}
def beforeInsert(){
encodePassword()
}
def beforeUpdate(){
if(isDirty('password')){
encodePassword()
}
protected void encodePassword(){
password = springSecurityService.encodePassword(password)
}
}
$ c $如果你使用的是spring安全,你可以试试这个:
class User {
字符串密码
静态映射= {
密码列:``password`'
}
设置<角色> getAuthorities(){
UserRole.findAllByUser(this).collect {it.role} as Set
}
def beforeInsert(){
encodePassword()
$ b $ def beforeUpdate(){
if(isDirty('password')){
encodePassword()
}
}
protected void encodePassword(){
password = springSecurityService.encodePassword(password)
}
}
它可以帮助您将编码后的密码保存在数据库中。
您可以使命令对象获取可变密码并进行编码像这样的密码:
$ pre $ @ $ $ $ $ $ $ $ $ @ $可变
类CommandObject实现Serializable {
字符串密码
字符串confirmPassword
$ b $静态约束= {
密码可空:false,空:false
confirmPassword可空:false,空:false,验证器:{val ,对象 - > ((val!= object.password)){
return'passwordMismatch'
}
return true
}
}
}
}
If I write the following code:
static constraints = {
password blank: false, password: true , validator:{ val, obj ->
if (obj.password != obj.confirmarPassword)
return 'usuario.password.dontmatch'
}
confirmarPassword bindable: true
}
}
static transients = ['confirmarPassword']
The following error appears after introducing the same password in password
and confirmarPassword
:
null id in usuario.Usuario entry (don't flush the Session after an exception occurs)
I found out the root of the problem. It is the next comparison:
obj.password != obj.confirmarPassword
If I write the following code inside the validator:
println "password: ${obj.password}"
println "confirmarPassword: ${obj.confirmarPassword)}"
Eclipse prints:
password: testPassword
confirmarPassword: testPassword
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: testPassword
As my second attempt I tried:
if (obj.password != obj.springSecurityService.encodePassword(obj.confirmarPassword))
The validation doesn't pass:
Property [password] of class [class usuario.Usuario] with value [testPassword] does not pass custom validation
And with:
println "password: ${obj.password}"
println "confirmarPassword: ${obj.springSecurityService.encodePassword(obj.confirmarPassword)}"
Eclipse prints:
password: testPassword
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
For my third attempt I tried:
if (obj.springSecurityService.encodePassword(obj.password) != obj.springSecurityService.encodePassword(obj.confirmarPassword))
Again the same error:
null id in usuario.Usuario entry (don't flush the Session after an exception occurs)
The password looks encrypted twice the second time:
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
password: e8c3cb111bf39f848b9a20e186f1663fd5acb0ae018ddf5763ae65bd6f45151e
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
I'm running out of ideas. What about the client side? Would it be secure to perform this validation with Javascript?
This is my full domain class code:
package usuario
class Usuario implements Serializable {
transient springSecurityService
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
String confirmarPassword
String nombre
String apellidos
String email
String telefono
String documentoIdentificacion
boolean aceptarPoliticaDeProteccionDeDatos = Boolean.FALSE
static transients = ['confirmarPassword', 'aceptarPoliticaDeProteccionDeDatos']
static constraints = {
username blank: false, unique: true
password blank: false, password: true
confirmarPassword bindable: true, blank:false, password: true, validator:{ val, obj ->
println "password: ${obj.password}"
println "confirmarPassword: ${val}"
if ((obj.password != val))
return 'usuario.password.dontmatch'
}
nombre blank: false
apellidos blank: false
email blank: false, email:true
telefono blank: false, matches: "[0-9 -+()]{3,15}"
documentoIdentificacion blank: false
aceptarPoliticaDeProteccionDeDatos bindable: true, validator:{ val, obj ->
if (!obj.id && obj.aceptarPoliticaDeProteccionDeDatos != true) //> !obj.id: si el usuario ya no está creado. Si ya está creado es que lo está modificando y no es necesario que vuelva a aceptar la política.
return 'usuario.politicaprotecciondatos.notaccepted'
}
}
static mapping = {
password column: '`password`'
}
Set<Rol> getAuthorities() {
UsuarioRol.findAllByUsuario(this).collect { it.rol } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
If you are using spring security, you can try this:
class User{
String password
static mapping = {
password column: '`password`'
}
Set<Role> getAuthorities() {
UserRole.findAllByUser(this).collect { it.role } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
It will hep you to save encoded password in database.
You can make a command object take a variable password and encode password like this:
@Validateable
class CommandObject implements Serializable {
String password
String confirmPassword
static constraints = {
password nullable: false, blank: false
confirmPassword nullable: false, blank: false, validator: { val, object ->
if ((val != object.password)) {
return 'passwordMismatch'
}
return true
}
}
}
这篇关于Spring Security Core和自定义验证器可用于确认密码字段?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!